18 March Google accidentally leaked hundreds of thousands of customers' personal details — and didn't notice for 2 years March 18, 2015 By Rob Frierson General Google leaked customers' personal details 0 Google accidentally leaked hundreds of thousands of customers' personal details — and didn't notice for 2 years Google has accidentally leaked the personal details of more than 280,000 customers, Ars Technica reports. The fault first appeared back in mid-2013 — but it has only recently been discovered and fixed, meaning people have been at risk for years. Identified by security researchers at Cisco, the vulnerability affects websites registered via Google Apps for work, using the registrar eNom. The owners of the websites in question had all opted into "WHOIS privacy protection," which means that when someone WHOISes — or queries — the website, the personal details of the individual who registered it are hidden. You might use the service if you're an anonymous political blogger, or run a website about an embarrassing hobby — or are just particularly privacy-conscious. 305,925 websites domains were registered this way — but Cisco found that 282,867 of them (94%) have had their personal details unmasked due to a fault in Google's code. Customers' leaked information includes "full names, addresses, phone numbers, and email addresses." Cisco first discovered the issue on February 19, 2015, two years after the fault first arose. After Google was notified, the search giant then fixed it around a week later, and notified customers last night. It's unclear how many customers seeking anonymity were unmasked as a result of this error. Cisco researchers write that in addition to the direct threat that the operators of sensitive websites may face as a result of being unmasked, it also puts them at greater risk of fraud. Being able to send "targeted spear phish emails containing the victim's name address and phone number" could make attempts at fraud and identity theft more dangerous. Here's the message Google Apps customers received: Dear Google Apps Administrator, We are writing to notify you of a software defect in Google Apps’ domain registration system that affected your account. We are sorry that this defect occurred. We want to inform you of the incident and the remedial actions we have taken to resolve it. When the unlisted registration option was selected, your domain registration information was not included in the WHOIS directory for the first year. However, due to a software defect in the Google Apps domain renewal system, eNom’s unlisted registration service was not extended when your domain registration was renewed. As a result, upon renewal and from then on forward, your registration information was listed publicly in the WHOIS directory. A Google spokesperson provided Business Insider with the following statement: A security researcher recently reported a defect via our Vulnerability Rewards Program affecting Google Apps’ integration with the Enom domain registration API. We identified the root cause, made the appropriate fixes, and we're communicating with affected Apps customers. We apologize for any issues this may have caused. Article by Rob Price Read more: http://www.businessinsider.com/google-leaks-whois-data-of-280000-customers-2015-3#ixzz3UkY7xPtu Related Internet Explorer Is Finally Being Killed After Years Of Merciless Mockery Internet Explorer Is Finally Being Killed After Years Of Merciless Mockery SchoolDesk Launches Google Calendar Module! SchoolDesk launches the new specialized Google Calendar Module on SD7! Even the best of us... Stumble. Google Calendar facing global calendar outages. What The New E-Rate Funding Can Do For Your District What the $1.5 billion increase in E-rate's annual funding approved by the Federal Communications Commission means for your school. How NOT to install Adobe Flash Player How NOT to install Adobe Flash Player PowerSchool selects SchoolDesk as a partner PowerSchool selects SchoolDesk as a partner Showing 0 Comment Comments are closed.